<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Sanitize filters</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="filter.filters.validate.html">Validate filters</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="filter.filters.misc.html">Other filters</a></div>
 <div class="up"><a href="filter.filters.html">Types of filters</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="filter.filters.sanitize" class="section">
  <h2 class="title">Sanitize filters</h2>
   <p class="para">
    <table class="doctable table">
     <caption><strong>List of filters for sanitization</strong></caption>
     
      <thead>
       <tr>
        <th>ID</th>
        <th>Name</th>
        <th>Options</th>
        <th>Flags</th>
        <th>Description</th>
       </tr>

      </thead>

      <tbody class="tbody">
       <tr>
        <td><strong><code>FILTER_SANITIZE_EMAIL</code></strong></td>
        <td>&quot;email&quot;</td>
        <td class="empty">&nbsp;</td>
        <td class="empty">&nbsp;</td>
        <td>
         Remove all characters except letters, digits and
         <em>!#$%&amp;&#039;*+-/=?^_`{|}~@.[]</em>.
        </td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_ENCODED</code></strong></td>
        <td>&quot;encoded&quot;</td>
        <td class="empty">&nbsp;</td>
        <td>
         <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>,
         <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_LOW</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong>
        </td>
        <td>URL-encode string, optionally strip or encode special characters.</td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_MAGIC_QUOTES</code></strong></td>
        <td>&quot;magic_quotes&quot;</td>
        <td class="empty">&nbsp;</td>
        <td class="empty">&nbsp;</td>
        <td>Apply  <span class="function"><a href="function.addslashes.html" class="function">addslashes()</a></span>.</td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_NUMBER_FLOAT</code></strong></td>
        <td>&quot;number_float&quot;</td>
        <td class="empty">&nbsp;</td>
        <td>
         <strong><code>FILTER_FLAG_ALLOW_FRACTION</code></strong>,
         <strong><code>FILTER_FLAG_ALLOW_THOUSAND</code></strong>,
         <strong><code>FILTER_FLAG_ALLOW_SCIENTIFIC</code></strong>
        </td>
        <td>
         Remove all characters except digits, <em>+-</em> and
         optionally <em>.,eE</em>.
        </td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_NUMBER_INT</code></strong></td>
        <td>&quot;number_int&quot;</td>
        <td class="empty">&nbsp;</td>
        <td class="empty">&nbsp;</td>
        <td>
         Remove all characters except digits, plus and minus sign.
        </td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_SPECIAL_CHARS</code></strong></td>
        <td>&quot;special_chars&quot;</td>
        <td class="empty">&nbsp;</td>
        <td>
         <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>,
         <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong>
        </td>
        <td>
         HTML-escape <em>&#039;&quot;&lt;&gt;&amp;</em> and characters with
         ASCII value less than 32, optionally strip or encode other special
         characters.
        </td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_FULL_SPECIAL_CHARS</code></strong></td>
        <td>&quot;full_special_chars&quot;</td>
        <td class="empty">&nbsp;</td>
        <td>
         <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>,
        </td>
        <td>
         Equivalent to calling  <span class="function"><a href="function.htmlspecialchars.html" class="function">htmlspecialchars()</a></span> with <strong><code>ENT_QUOTES</code></strong> set. Encoding quotes can
         be disabled by setting <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>. Like  <span class="function"><a href="function.htmlspecialchars.html" class="function">htmlspecialchars()</a></span>, this
         filter is aware of the <a href="ini.core.html#ini.default-charset" class="link">default_charset</a> and if a sequence of bytes is detected that
         makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string.
         When using this filter as a default filter, see the warning below about setting the default flags to 0.
        </td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_STRING</code></strong></td>
        <td>&quot;string&quot;</td>
        <td class="empty">&nbsp;</td>
        <td>
         <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>,
         <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>,
         <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_LOW</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_AMP</code></strong>
        </td>
        <td>Strip tags, optionally strip or encode special characters.</td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_STRIPPED</code></strong></td>
        <td>&quot;stripped&quot;</td>
        <td class="empty">&nbsp;</td>
        <td class="empty">&nbsp;</td>
        <td>Alias of &quot;string&quot; filter.</td>
       </tr>

       <tr>
        <td><strong><code>FILTER_SANITIZE_URL</code></strong></td>
        <td>&quot;url&quot;</td>
        <td class="empty">&nbsp;</td>
        <td class="empty">&nbsp;</td>
        <td>
         Remove all characters except letters, digits and
         <em>$-_.+!*&#039;(),{}|\\^~[]`&lt;&gt;#%&quot;;/?:@&amp;=</em>.
        </td>
       </tr>

       <tr>
        <td><strong><code>FILTER_UNSAFE_RAW</code></strong></td>
        <td>&quot;unsafe_raw&quot;</td>
        <td class="empty">&nbsp;</td>
        <td>
         <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>,
         <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_LOW</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong>,
         <strong><code>FILTER_FLAG_ENCODE_AMP</code></strong>
        </td>
        <td>Do nothing, optionally strip or encode special characters.</td>
       </tr>

      </tbody>
     
    </table>

   </p>
   <div class="warning"><strong class="warning">Warning</strong>
     <p class="para">
       When using one of these filters as a default filter either through your ini file
       or through your web server&#039;s configuration, the default flags is set to 
       <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>.  You need to explicitly set
       filter.default_flags to 0 to have quotes encoded by default. Like this:
       <div class="example" id="example-5084">
         <p><strong>Example #1 Configuring the default filter to act like htmlspecialchars</strong></p>
         <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
filter.default&nbsp;=&nbsp;full_special_chars<br />filter.default_flags&nbsp;=&nbsp;0</span>
</code></div>
         </div>

       </div>
     </p>
   </div>
 </div><hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="filter.filters.validate.html">Validate filters</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="filter.filters.misc.html">Other filters</a></div>
 <div class="up"><a href="filter.filters.html">Types of filters</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>